Wednesday, April 22, 2015

PETALING JAYA: Regional government and military officials, businessmen and journalists involved with the coming 26th Asean Summit in Kuala Lumpur could be among the targets of a recently discovered cyber espionage group, claims an Internet security firm.

https://www.fireeye.com/

FireEye, which exposed the presence of the APT30 group of hackers snooping on governments and businesses, including those in South-East Asia, said some of its previous attacks had been launched before key Asean meetings.

“Based on previous experience, I believe that this group and possibly others will try to use that meeting (26th Asean Summit) as part of their ruse to potentially target businesses and governments in the region,” said Bryce Boland, FireEye’s chief technology officer for Asia Pacific, in a telephone interview here yesterday.

In its report, FireEye, which is based in the United States, said APT30 had a distinct interest in organisations and governments associated with Asean.

The group had released malware in the run-up to the 18th Asean Summit in Jakarta in 2011 and the Asean-India commemorative Summit in 2012.

One of the domain names it used to command its malware was aseanm.com.

AFP had reported that the APT30 group was “most likely sponsored by China” and that there was no immediate reaction from the Chinese government, which had always denied allegations of cyber espionage.

The two-day Asean Summit from April 26 is expected to discuss various issues, including maritime disputes between China and Brunei, Malaysia, Vietnam and the Philippines in the South China Sea, and the formation of a single market and production base in the region.

“The hackers are after intelligence and information, primarily about political changes, political positions, especially over disputed territories, border disputes and trade negotiations,” said Boland.

“We have also seen that when they target journalists, they are specifically looking for information in relation to understanding concerns about the legitimacy of the PRC (People’s Republic of China),” he said.

The group has also attacked businesses to steal information on deals, manufacturing plans and intellectual property such as schematic diagrams.

According to the FireEye report, Malaysia is one of seven countries with targets hit by the group, which has operated largely undetected for the past 10 years.

Others are Thailand, Vietnam, South Korea, Saudi Arabia, India and the United States.

Boland said the group mostly attacked its targets via spear phishing emails with attachments that appeared to be from a known contact but were in reality sent by the hackers.

The attachment, which can be in the form of a document with an Asean-related title, will contain customised malware that is activated the moment it is opened.

It allows the attacker to gain control of the victim’s computer and retrieve information from it.

Boland advised computer users not to open suspicious e-mails.

“Businesses and governments should ensure that their IT infrastructure not only protects them from attacks but can detect the extent of damage done in the event of a successful hack.”